package org.geeks.gsrest.base.config.security;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.collect.Lists;

/**
 * WebSecurityConfig
 * 
 * @author Geek-S
 *
 */
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	private final ObjectMapper objectMapper;

	@Autowired
	public WebSecurityConfig(ObjectMapper objectMapper) {
		this.objectMapper = objectMapper;
	}

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.inMemoryAuthentication().withUser("geeks").password("geeks").roles("admin")
				.authorities(Lists.newArrayList(new SimpleGrantedAuthority("hello1")));
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.csrf().disable();

		http.authorizeRequests().anyRequest().authenticated();

		http.formLogin().failureHandler(new AuthenticationFailureHandler() {

			@Override
			public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
					AuthenticationException exception) throws IOException, ServletException {
				response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);

				response.getWriter().print(objectMapper.writeValueAsString(ResponseVo.builder().code(10001)
						.message("登录失败").status(HttpStatus.UNAUTHORIZED.value()).build()));
			}
		}).successHandler(new AuthenticationSuccessHandler() {

			@Override
			public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
					Authentication authentication) throws IOException, ServletException {
				response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);

				response.getWriter().print(objectMapper.writeValueAsString(
						ResponseVo.builder().code(10000).message("登录成功").status(HttpStatus.OK.value()).build()));
			}
		});

		http.exceptionHandling().authenticationEntryPoint(new AuthenticationEntryPoint() {

			@Override
			public void commence(HttpServletRequest request, HttpServletResponse response,
					AuthenticationException authException) throws IOException, ServletException {
				response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);

				response.getWriter().print(objectMapper.writeValueAsString(ResponseVo.builder().code(10001)
						.message("未登录").status(HttpStatus.UNAUTHORIZED.value()).build()));

			}
		});
	}
}
